ARM and the
specialist for security technology Giesecke & Devrient
(G&D) today announced a strategic partnership for the
development of highly secure mobile phone platforms. Through the
combination of ARM TrustZone technology, which creates a
protected area in advanced systems-on-chip, and the highly secure
Mobicore operating system developed by G&D, sensitive applications
such as electronic payment and online banking via mobile phone
will be efficiently protected from security threats. As a first
step the two companies will develop a joint prototype.
“We will be working with ARM to develop the
security architecture for the next generation of mobile phones.
This will enable people to access highly valuable services with
convenience and security,” explains Dr. Kai Grassie, head of the
new business division at G&D.
“ARM TrustZone technology is
already an integral part of the ARM Cortex™-A series processors
which are currently being deployed in smartphones by many of the
industry’s leading handset manufacturers,” said Ian Drew,
executive vice president, marketing, ARM. “This
collaboration with G&D will enable us to make rapid progress toward
enabling secure transactions in next-generation mobile devices.”
Acceptance of mobile applications such as banking, ticketing and
payment solutions rests on the security of device and background
systems involved. For this reason, both companies have been
working on innovative security concepts.
The interplay
of TrustZone and Mobicore ensures that if online services require
security-sensitive functions such as entry of username and
password or data output on a display, these functions are transferred to
the Mobicore high-security operating system running in the
TrustZone protected area of an ARM application processor. As the
security-sensitive functions are executed, Mobicore maintains
control of the secure area of a system-on-chip. Users can
therefore be certain that the data they have entered, such as
their username and password, cannot be manipulated by malware on
the phone during a payment transaction.
ARM is also
creating a range of training and architectural service packages
based around a TrustZone / MobiCore reference system which will
help reduce time-to-market for secure embedded system development. ARM
will release its first secure system training course based around
hardware system integration and the TrustZone API next month. This
will be followed by an ARM Active Assist on-site design review
service package, a secure systems development training package
based on Mobicore, the release of the TrustZone Address Space
Controller to secure multiple regions in off-chip memory and the
TrustZone reference system later in the year.
